comp.security.firewalls archive

Re: Firewall novice question

From: <jKILLSPAM.schipper@math.uu.nl>
Date: Fri Dec 02 2005 - 12:40:43 CET

In comp.security.unix Robert Melson <melsonr@aragorn.rgmhome.net> wrote:
> Just activated ipfw on FreeBSD 5.4 without major problems, have a minimal -
> but working - ruleset, that I'd like to expand. My question is this: I know
> you can block an ip address or a range of addresses or even a block of ip
> addresses (as in ip/mask). All well and good. Is it possible to substitute
> a domain, such as example.com, in the rules? Say I want to block all incoming
> traffic from example.com, can I write a rule on the order of:
>
> deny all from example.com to me in via <interface>
>
> If I can't do this, I can live with it, but it would surely be convenient.
>
> Thanks for any replies.
>
> Bob Melson

I'm not sure if you can or can't, never having used it myself, but it's
not a very good idea. After all, you effectively let whatever DNS server
you use configure your firewall, and DNS is not known for its security.

Far better to use dig, whois and so on.

                Joachim

P.S. On a side note: WTF is that other reply supposed to be about?
Received on Sat Dec 3 04:19:09 2005
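Joachim's suggestion above, resolving the name yourself with dig and then writing the literal addresses into the ruleset, worked through as an added example. This is not code from the original thread. It emits rules in the ipfw syntax the question uses; the interface name em0, the starting rule number 1000 and the sample resolver output (two addresses in the 192.0.2.0/24 documentation range behind a CNAME) are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread: build ipfw deny rules from a
# one-time DNS lookup performed by the operator, so the firewall itself never
# acts on a resolver answer. Interface "em0" and rule number 1000 are assumed.

# Accept only a plain dotted-quad IPv4 address; reject anything else.
is_ipv4() {
  case "$1" in
    ""|.*|*.|*..*|*[!0-9.]*) return 1 ;;
  esac
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ "$octet" -le 255 ] || return 1
  done
  return 0
}

# Read resolver output (one record per line, as printed by `dig +short A`)
# and emit one numbered ipfw rule per IPv4 address. CNAME targets and any
# other non-address lines are dropped instead of being handed to ipfw.
ipfw_deny_rules() {
  iface="$1"
  rule="$2"
  while IFS= read -r addr; do
    is_ipv4 "$addr" || continue
    printf 'add %s deny ip from %s to me in via %s\n' "$rule" "$addr" "$iface"
    rule=$((rule + 1))
  done
}

# Live variant: resolve the name with dig, then generate rules. Review the
# output before loading it with ipfw; the addresses are a snapshot and go stale.
generate_block_rules() {
  dig +short A "$1" | ipfw_deny_rules "$2" "${3:-1000}"
}

# Constructed sample of what `dig +short A example.com` might print: a CNAME
# target followed by two addresses (192.0.2.0/24 is documentation space).
SAMPLE_DIG_OUTPUT='www.example.com.
192.0.2.10
192.0.2.11'

# Generate (but do not load) rules from the constructed sample.
printf '%s\n' "$SAMPLE_DIG_OUTPUT" | ipfw_deny_rules em0 1000
```

The point of the split is that the lookup happens once, in your hands, and only reviewed literal addresses reach the firewall; a spoofed or changed DNS answer cannot silently rewrite the ruleset. If the target's addresses change, rerun the generator and diff the result before loading it. Where whois shows the host sits in a netblock you want to block wholesale, write that block as an ip/mask rule by hand rather than enumerating addresses.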